EU to introduce strict IoT security regulation

Manufacturers will be required to assess all risks, and notify the EU of issues within 24 hours

The EU is set to introduce a law that would require smart devices to follow strict cyber security rules, under threat of a device ban.

Internet of Things (IoT) devices such as smart home controls or fitness trackers are becoming more ubiquitous, making life more convenient while also increasing the vectors through which threat actors can perpetrate cyber crime.

The proposal, which Reuters reports is titled the Cyber Resilience Act, will be formally put forward on 13 September. Once it becomes law, smart device manufacturers will be required to review the risk profiles of their products and fix any discovered vulnerabilities.

In the event of a problem or threat being discovered, the law will also require companies to notify the European Union Agency for Cybersecurity (ENISA) within 24 hours.

Companies that fail to abide by the provisions laid out in the legislation will be faced with serious consequences, with the higher value of either €15 million or 2.5% of global turnover proposed as the upper limit for fines. Products that are considered to violate the law could also be banned from EU sale altogether.

Researchers have long been concerned over the security risk posed by IoT devices. In 2021, Kaspersky researchers reported that over 1.5 billion attacks had been made against such devices in just the first six months of the year, a more than 100% increase from the same period in the previous year.

"Given the unsustainable “react and patch” approach to cyber security today, it is imperative that manufacturers move to ensure products are delivered more secure by default," stated Professor John Goodacre, director of the UKRI’s Digital Security by Design challenge and professor of computer architectures at the University of Manchester.

"This new EU bill along with the UK government's PSTI bill are clear indications that non-commercial incentives are required to move the burden of cyber defence from the user to earlier in the supply chain.  

"The UK government also has a UKRI programme, Digital Security by Design, that moves this burden even earlier in the supply chain by investigating how the actual computer chips in all digital systems can protect users from vulnerability exploitation by design."

The benefits of the law could be wide-reaching, enabling consumers and businesses alike to use their devices without fear of failure, or of IoT connectivity being used as an escalation point from which to undertake attacks with malware or ransomware.

In the proposal paper seen by Reuters, lawmakers argue that the introduction of the Cyber Resilience Act could cost companies as much as €29 billion per year — but that this would save an estimated €290 billion in annual damages.

Security firms specialising in smart device assessment could also see a major boost as a result of the law. In March, Meticulous Market Research predicted that the IoT security market would hit $59 billion by 2029.

Felixstowe Docks in Suffolk, the UK’s busiest port, announced plans earlier this year to outfit the quay cranes that move shipping containers with 5G IoT sensors, to reduce equipment failure and optimise port efficiency. If hit by the kind of breach that other IoT devices have suffered, the knock-on effect to supply chains across the UK could be catastrophic.

This article was updated to include a quote from Professor John Goodacre.
